[Standards-JIG] proposed In-Band Registration revisions

Peter Saint-Andre stpeter at jabber.org
Wed Dec 7 22:20:09 UTC 2005


Several implementors have mentioned to me before that they consider the 
password change and deregistration use cases in JEP-0077 to be insecure 
since the old password is not required in order to complete them. (What 
if someone uses your computer while you step away for a minute and 
changes your password?) Therefore I have added some optional protocol 
flows to JEP-0077, using Data Forms to require additional information 
before allowing a password change or deregistration. As with the 
JEP-0071 changes, these revisions are provisional and need to be 
approved by the Jabber Council.

CVS Modifications: 
http://jabberstudio.org/cgi-bin/viewcvs.cgi/cvs/jeps/0077/jep-0077.xml?r1=1.48&r2=1.49

Rendered version: http://www.jabber.org/jeps/tmp/jep-0077-2.2.html

Feedback is welcome as always.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20051207/69f5d321/attachment.bin>


More information about the Standards mailing list